Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Active session count of ASA in HA

Hi,

We have configured our ASA5540 in active-standby failover.

We are observing that current active session count is twice of session count before configuring HA. Earlier average active session was 50000 and now after HA it is around 100000. Kindly let us know the reason for same.

Failover configuration of both firewall are as follows

failover

failover lan unit primary

failover lan interface FOLan GigabitEthernet1/0

failover polltime unit 15 holdtime 45

failover replication http

failover link StateLink GigabitEthernet1/1

failover interface ip FOLan 10.3.3.1 255.255.255.0 standby 10.3.3.2

failover interface ip StateLink 10.4.4.1 255.255.255.0 standby 10.4.4.2

failover

failover lan unit secondary

failover lan interface FOLan GigabitEthernet1/0

failover polltime unit 15 holdtime 45

failover replication http

failover link StateLink GigabitEthernet1/1

failover interface ip FOLan 10.3.3.1 255.255.255.0 standby 10.3.3.2

failover interface ip StateLink 10.4.4.1 255.255.255.0 standby 10.4.4.2

Regards,

Mukesh Tiwari

3 REPLIES
Super Bronze

Active session count of ASA in HA

Hi,

I guess you have check this with "show conn count" or "show conn" commands on the ASA?

Ofcourse the first thing that comes to mind is that its somehow adding up the connection count of both ASA units. Though it shouldnt do this to my knowledge. You should just see almost equal amount of connections on both units. Both Primary and Secondary.

Have you tried to check if there is any host on your local network that would be taking alot of connections? Maybe somethings happened at the same time (even though it might not be likely)

Have you noticed any performance issues/problem after this upgrade to a A/S ASA pair?

- Jouni

New Member

Active session count of ASA in HA

Hi Jouni,

Output of show conn count is same for both ASAs.

I also doubt its somehow adding up the connection count of both ASA units.

Actually, before 15-Apr-12, active-standby HA was already configured but only Primary unit was up and connected in the network. On that day we put Secondary in the network. Since then we are observing change in active session count (see attached screenshot).

We haven't faced any performace issue till date.

Regards,

Mukesh Tiwari

New Member

Active session count of ASA in HA

Hi,

Any update on the same.

Regards,

Mukesh Tiwari

1623
Views
0
Helpful
3
Replies
CreatePlease to create content